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MODULE CHKPRO ( 
LANGUAGE ( 1585) 
IDENT = *V04-000' 


Sse 


ODONOULS wr 
~ 


BEGIN 


' 
lee RER RARER EAAAA AAA AERA EHEAAAAHAE AERA AT EATER eeee KRHA KeAeeeAeee 
' 


ie COPYRIGHT (c) 1978, 1980, 1982, 1984 BY 
ie DIGITAL EQUIPMENT CORPORATION, MAYNARD, MASSACHUSETTS. 
ie ALL RIGHTS RESERVED. 


ie THIS SOFTWARE iS FURNISHED UNDER A LICENSE AND MAY BE USED AND COPIED 
ON ACCORDANCE A THE TERMS OF SUCH LICENSE AND WITH THE 


:* INC E C OF Tw 
1 Sd be THEREOF MAY NOT BE PROVIDED OR OTHERWISE MADE AVAILABLE TO ANY 


® 
nt 
om 
® 
& 
® 
+ 
® 
® 
' oe 
ie TRANSFERRED. . 
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® 
® 
® 
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'* THE INFORMATION IN THIS SOFTWARE IS SUBJECT TO CHANGE WITHOUT MOTICE 
‘* eeppokat ibn NOT BE CONSTRUED AS A COMMITMENT BY DIGITAL EQUIPMENT 
7” . 


'® DIGITAL ASSUMES NO RESPONSIBILITY FOR THE USE OR RELIABILITY OF ITS 
SOFTWARE ON EQUIPMENT WHICH IS NOT SUPPLIED BY DIGITAL. 


AAA AAAI DOPOD NOTIN <3 as 8 a8 8 on ms 


=O ODNA VEN $$ O ODNA UNE WN 0 ODNO UNE AN SH OOONOUN EWN 


a a dd dd dd dt td I OOOO 
- e 
* 


' 
; leuddhbatbeneneaehnemeiaenanmanbenneatensdimaneiaindneimiabaaaeaniiinns 
3 'e+ 
3 : 
; FACILITY: F11ACP Structure Level 2 
3 ABSTRACT: 
3 i This routine checks the volume and file protection to see if the 
3 ; user is authorized to perform the intended operation. 
‘ 904¢ ENVIRONMENT : 
4g Bne§ i STARLET operating system, including privileged system services 
4 004 : and internal exec routines. 
44 044 : 
45 45 leo 
48 peg : 
4 004 : 
1 B08 AUTHOR: L. Mark Pilant, CREATION DATE: 31-Mar-1983 10:10 
30 33 i MODIFIED BY: 
52 26 i v03-021 LMP0259 L. Mark Pilant, 25-Jun-1984 11:24 
5 005 : Remove the clearing of the matching ACE storage. It has moved 
ee 0985 } to the READ_ATTRIB routine. 
56 036 i v03-020 ACG0427 _ Andrew C. Goldstein, | 8-May-1984 11:58 
57 005 : Finish security auditing. Restructure the saved audit 


eee aE ie ce 
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block to save space. | 


60 v03-019 arenes Golds tein, 27-Apr-1984 14:28 
61 Lter out local eA fr) PRV; go back to LOCAL_ARB 
? for access rights. 

64 v03-018 LMPO0228 L. Mark Pilant, ventorstves 9:18 
65 Ignore a corrupted ACL during & protection check. 

gs v03-017 LMP0221 . Mark Pilant 7-Apr-1984 13:23 
$8 Change the actual “protection check to use the new CHKPRO 
9 interface. 

71 v03-016 RSHO118 R. Scott Hanna age ig? sgl 

7 Enable ag A alarms and make changes due t 

7 auditin t List. Move the REA HEADER. te 10” “SPEC, 
e and NSA EVE i meUDIT calls to the DISPAT module. 

4} v03-015 ACG0412 Andrew C. Goldstein, 25-Mar-1984 17:43 
as Make all of global storage based, add access mode arg 

79 v03-014 LMP0208 L. Mark Pilant, 9-Mar-1984 9:16 
80 Don't include the ACL in the protection check if it is 

81 corrupt. It is still built, 


Be Ge Be Se Se Fe Se Be Se Fe Se Se Ge BH Se Se Ge Be FH Ge Ge FH Se Se Bee Ge Fe Oe Ge Ge FH Ge Se Se FH Se Se OH Se Ge Ge Se Fe Se Se Ge FH Se Se FH Se Se Ge SH Se Ge 
ee ea a a ae a ts a 4 > 2 4» ot 
ee ee ee ee ee ee EE EE EE EE EE EEE EEE EEE EE EEE EEE EEE EET SS SS ST SS ee ee a 


4 odify the protection checking routine to get the 

a? classification info from the correct place (FCB or header). 
87 v03-012 LMPO188 L. Mark Pilant, 4-Feb-1984 11:40 
4 Add support for a classification protection check. 
90 v03-011 RSHOO9S Scott H 02-Feb-1984 
4 Temporary disable “of sesurite * uditing. 
38 v03-010 CDS0001 Christian D. Saether 19-Dec-1983 
4 > Use L_NORM Linkage re | BIND_COMMON necro. 
4 28 v03-009 LMP0164 ark Pilant 10-Oct-1983 15:40 

9 Un-do a bug ieteaduees by ACGOS54. The problem was that you 
98 always got a 5 (ACL) segment descriptor, rather than what was 
180 044 actually needed. 
101 191 v03-008 LMP0158 L. Mark Pilant, 28-Sep-1983 11:19 
136 1 ¢ Goss block type and size are cleared where needed. (This 
17 194 was undone by ACG055 
105 105 v03-007 ACGO354 Andrew C. Goldstein 12-Sep-1983 18:30 
196 108 Add CONTROL access via READALL privilege; a d 
+4 19 alternate access mask; add *L driven gudit support. 
109 1 3 VO3-C06 ACGO354 Andrew C. Goldstein 24-Aug-1983 20:37 
110 110 Fix setup of protection mask and privilege mask 
Ng M6 v03-005 LMP0134 L. Mark Pilant, 5-Aug-1983 12:30 
11 11 Fix a problem that caused the access allowed to be incorrectly 
114 114 returned. 


owever. 
v03-013 Lanyivs L. Mark Pilant, 27-Feb-1984 14:41 
| 
| 
| 
| 


HKPRO 16-Sep-19 4 2 38: gir is VAX-11 Bliss-32 V +10 c8 2 Page ; 
-000 14-Sep-1984 DISKSVMSMASTER: ag 1X. SRCICHKPRO.B32;1 (1) | 
1 1 
1 1 V03-004 RSHO034 R. Scott Hanna 05-Jul-1983 | 
: : Add security auditing support. 
1 1 v03-003 LMP0121 L. Mark Pitene 16-Jun-1983 15:52 
Correct problems with implied protection. 


v03-002 Leorte L. Mark Pilant, s-fley~ “1983 12:15 
d support for returning access oh lowed, privileges used, 
— the ACE used to gain access (if any). 


v03-001 LMP0104 Mark Pilan 22-Apr-1983 8:50 
Correct some seablen with the: rewrite to use $CHKPRO. 


LIBRARY ‘SYSSLIBRARY:L1B.L32'; 
REQUIRE "SRCS:FCPDEF .632'; 


FORWARD ROUTINE 
CHECK_PROT : L NORM; 


BIND ! File access bits 
FILE_ACCESS = UPLIT BYTE ( 


VFWUN—OOONOUSWN—OCOnNOu 
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ARMSM_READ, 

ARMSM~READ OR ARMSM_WRITE, 
ARMSM_DELETE, 

ARMSM_WRITE, 

ARMSM~READ 

ARMS$M~ CONTROL, 

ARMSA EXECUTE 


pS es ) 
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GLOBAL ROUTINE CHECK_PROTECT (ACCESS, HEADER, FCB, ACMODE, ALT_ACCESS, REQUIRED) : L_NORM = | 
'+¢ 
i 


FUNCTIONAL DESCRIPTION: 


This routine calls CHECK_PROT and then, if enabled, collects data 
or file access auditing. 


i CALLING SEQUENCE: 
CHECK_PROTECT (ARG1, ARG2, ARG3, ARG4, ARGS, ARG6) 


i INPUT PARAMETERS: 
The input parameters are passed unmodified to CHECK_PROT. A description 
of the parameters may be found there. 


i OUTPUT PARAMETERS: 
NONE 


a 


| 
f auditing is enabled for the requested file access, a partial | 
ous seine argument List is built in AUDIT_ARGLIST and the counter 
AUDiT_COUNT is updated. The DISPAT module contains the code which 
completes the argument List and calls the auditing routine 
NSASEVENT_AUDIT. 
| 


i ROUTINE VALUE: 
NONE 


' 

' 

' 

' 

i 

' 

' 

' 

' 

' 

i] 

' 

! 

i IMPLICIT OUTPUTS: 
i] 

1 

' 

( 

' 

' 

' 

' 

i SIDE EFFECTS: 
; NONE 
' 


BORA SSN ee Die ee ne ene oo Ole Oe 3 


me a a 8 ek ed 8 tk et = = = ot 8 8“ = = a = 9 2 as 


ee ee ee ee ee ee ee ee ey SS | 
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BEGIN 
i FCB : REF BBLOCK; ! FCB arg 
89 LOCAL 
90 STATUS ! Status returned from CHECK_PROT 
91 LOC_A f ACCESS, ' Local copy of ALT_AC arg 
3 LOC-REQOIRED, ' Local copy of REQUIRED arg 
9 LOC_ACCESS, ' Local version of access mask 
94 ACL_FLAGS : BITVECTOR (8), ! Audit request flags from ACL 
95 AUDTT_FLAGS : BITVECTOR (85, ! Flags for audit call 
196 JOURN_MASK, ! Accumulated mask of eligible journal events 
197 ALARM_MASK, ' Accumulated mask of eligible alarm events 
198 PCB : REF $BBLOCK, ! Address of PCB 
4 ARGLIST : REF S$BBLOCK, ! Argument List pointer 
501 
$08 EXTERNAL 
0 NSA$SGR_JOURNVEC : SBBLOCK ADDRESSING_MODE (GENERAL), | 
04 ' Journaling enable bit vector 
05 NSASGR_ALARMVEC : SBBLOCK ADDRESSING MODE (GENERAL) , | 
06 ! Alarm enable bit vector 


Be Be Se Be Be Se Sse Be Be Se Se Se Se Se Se Se FH Se Ge Se Ge Ge Fe Se Ge Se Ge Fe Ge Se Se Ss Se Se Se Se Se Fe Se Se Se Se Ge Se Se Se Se Se eee Se Se Se Se Seas ee 


SO 


CHKPRO 
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<< 


SCH$SGL_CURPCB : LONG ADDRESSIN DE (GENERAL); 


rrent PCB address 
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M 
C 
BIND_ COMMON; 

Default the optional arguments to zero. 


SS = .ALT_ACCESS; 
= REQUIRED; 

! Perform protection check 

STATUS = CHECK_PROT (.ACCESS, .FCB, .ACMODE, .LOC_ALT_ACCESS, .LOC_REQUIRED, ACL_FLAGS); 


! If the FCB is zero, this is a volume check and no 
! security auditing is performed. 


If .FCB NEQ 0 
THEN 


IF_.STATUS 
THEN .STATUS NEQ SS$_NOTALLPRIV 
ee -REQUIRED 


THEN LOC_ACCESS = .LOC_ACCESS OR .LOC_ALT_ACCESS; 


! Determine if journaling or alarms are enabled for the 
specified file access. 


AUDIT_FLAGS = 0 

JOURN“MASK = .NSASGR_JOURNVECCNSASL_EVT_FAILUREJ; 
ALARM-MASK = .NSASGR-ALARMVECLNSASL_EVT FAILURE): 
IF STATUS 


BEGIN 

JOURN_MASK = .NSASGR_JOURNVEC NSASL. VT_SUCCESS); 
ALARM_MASK = .NSASGR_ALARAVECCNSASL EVT_SUCCESSJ; 
INCR J FROM 0 TO SBITPOSITION (CHPSQ_READALL) DO 


BEGIN 
IF (.PRIVS_USED AND 1*.J) NEQU 0 
THEN 


DPA rr Bs BS BS BS BE EE ENA NAN NNIAIRPUPINIPINPNNDY 2 2 OS OS OS OO 


BEGIN 
JOURN_MASK 
ALARM_MASK 
END; 


- JOURN_MASK OR ERT 


h R CNSASGR_JOURNVECCNSASL_EVT_SYSPRV], ate 
-ALARM_MASK OR .VEC JJ; 


0 EV 
OR CNSASGRTALARMVECLNSASL_EVT—SYSPRVJ, 


ee me ee ee ee ee ee em ee ee ee eB a aed od od ed = od od = 2d dD 
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BEGIN 

LOC_ACCESS = .FILE_ACCESSC.ACCESS]; 
| 
| 


Nn 9 
CHKPRO 16-Sep-1984 09: Qa: VAX-11 Bliss-32 V4.0-742 Page 6 CHK 
v04-000 14-Sep-1984 2:30:11 DISKSVMSMASTER:CF11X.SRCICHKPRO.B32;1 (2) | Tab 


+ 264 1253 END; 

3 269 1254 
; 98 1255 PCB = Meet tet ryt}: 
: 367 1296 IF PC PCBSV~SECAUDITI 

; 69 38 AUDIT_FLAGSCSBITPOSITION (NSASV_ARG_FLAG_MANDY)] = 1; | 
: 71 1260 IF ((.JOURN_MASK AND .LOC_ACCESS) NEQU 0) OR | 
; i 61 4 (.NSASGRJOURNVECENSASY_EVT_ACLJ AND .ACL_FLAGSCOJ) 
3 ark ! es AUDIT_FLAGSCSBITPOSITION (NSASV_ARG_FLAG_JOURN)] = 1; | 
; ste 1265 IF ((.ALARM_MASK AND .LOC_ACCESS) NEQU 0) OR | 
3 sir } of 4 (NSASGR_ALARMVECCNSAST_EVT ACL AND .ACL_FLAGS(1]) | 
; er 1268 ; AUDIT_FLAGSCSBITPOSITION (NSASV_ARG_FLAG_ALARM)] = 1; | 
; 281 1270 ! if perret ing alarms, or mendetory auditing are enabled, find an 

: see 1271 ! available au it block and fill it in. Acquiring the file name and 

; 28 \s7¢ ! sending the audit record is done Later. 

> 284 127 ; ! 

3 $e? iste 

: 86 1275 3 IF .AUDIT_FLAGS NEQ 0 

; 287 1276 3 N 

; 288 1277 4 BEGIN 
; 289 1278 4 IF | 
; 290 1279 5 BEGIN 
s el 1280 5 ARGLIST = AUDIT_ARGLIST; 
3 29 1261 5 DECR J FROM MAX"AUDIT_COUNT TO 1 | 
; 1282 5 DO | 
> 294 1283 6 BEGIN 

3s ev 1284 6 IF .ARGLISTCAUDIT_TYPE] EQ. 0 

; 296 1285 6 THEN EXITLOUP 0; 

; 297 1286 6 ARGLIST = .ARGLIST + AUDIT_LENGTH; 

; 298 1287 6 END 

; 299 1288 5 END ; : 

3 $09 1c) ? THEN BUG_CHECK (NOBUFPCKT, ‘Out of audit List entries’); 

: 302 1291 4 AUDIT_COUNT = .AUDIT_COUNT + 1; 

; 303 1296 4 ARGLISTCAUDIT_TYPE] =_.AUDIT_FLAGS; 

3: 304 1293 4 ARGLISTCAUDIT-SUCCESS] = .STATUS; 

; 305 1294 4 ARGLIST AUDIT-ACCESSJ = .LOC_ACCESS; 

: 306 1295 4 ARGLISTCAUDIT-PRIVS) = .PRIVS_USED; 

: 4 1696 3 HSMOVE (FCBSS_FID, FCBCFCBS$W_FIDJ, ARGLISTCAUDIT_FIDJ); | 
; 309 1298 2 END; 
; 310 945 § 

2 Se 1300 IF NOT .STATUS THEN ERR_EXIT (.STATUS) ELSE RETURN .STATUS; 
s Si2 1301 1 END; | 


-TITLE CHKPRO 
-IDENT \V04-000\ 
-PSECT S$CODES,NOWRT,2 
04 10 01 O02 08 O03 01 00000 P.AAA: .BYTE 1, 3, 8, 2, 1, 16, 4 ; 
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P.AAA 
NSASGR_JOURNVEC 

NSASGR~ALARMVEC | 
SCHSGL_CURPCB, BUGS_NOBUFPCKT | 


CHECK_PROTECT, Save R2.R3,R4,R5,R6,R7,RB 
NSASGR_ALARMVEC+8, RB 
NSASGR-JOURNVEC+8, R7 


Hh 
LOC_ALT_ACCESS 
LOC REQUIRED 
(APT, #6 


ALT ACCESS, LOC_ALT_ACCESS 
REQUIRED LOC_REQUIRED 


< SP> 
LOC_ALT_ACCESS 
FCB, -(SP) 


3$ 
ILE ACCESS, RO 
ACCESSCROJ, LOC_ACCESS 
TATUS, 2$ 

TATUS, #1665 

REQUIRED, 4$ 

LOC ALT_ACCESS, LOC_ACCESS 


UDTT_FCA 
NSASGR_JOURNVEC+8, JOURN_MASK 
NSASGRUALARAVEC+8, ALARM_MASK 
STATUS, 7$ 


NSASGR. JOURNVEC+12, JOURN_MASK 
NSASGR_ALARMVEC #12, ALARM~MASK 


ed ed a ed ed ed eed ed eed eed 
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J, #1, R1 
~60(BASE), R1 


NSASGR_JOURNVEC+16(JJ, JOURN_MASK 
NSASGR-ALARMVEC+16(JJ, ALARM_MASK 


#5, J, 

SCHS$GL_CURPCB, PCB 

as" So tpeB) ag 

#45 AUDIT FLAGS 
JOURN_MASR, LOC_ACCESS 


NSASGR_JOURNVEC, 108 
ACL_FLAGS, 10$ 
#2, ~AUDIT_FLAGS 
A ARM_MASR,, LOC_ACCESS 


NSASGR_ALARMVEC, 12% 
wi, ACC_FLAGS, 12 
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oy (ACCESS, FCB, ACMODE, ALT_ACCESS, REQUIRED, AUDIT_FLAGS) 
= 


ROUTINE CHECK 
: L_NO 


FUNCTIONAL DESCRIPTION: 


This routine checks the volume and file protection to see if the 
user is authorized to perform the intended operation. 


CALLING SEQUENCE: 
CHECK_PROTECTION (ARG1, ARG2, ARG3, ARG4, ARGS, ARG6) 


INPUT PARAMETERS: 


ARG1: access mode 
READ_ACCESS = 0 
WRITE_ACCESS = 1 
DELETE_ACCESS = ¢ 
CREATE_ACCESS = 
RDATT_ACCESS 24 
WRATT_ACCESS = 5 

EC_ACCESS 6 


= 
: FCB or 0 
ARGS: access mode of the accessor 
ARG4: alternate access mask to test for 
ARGS: 1 if alternate access if required 


IMPLICIT INPUTS: 
CURRENT_UCB: address of device UCB 
1O_PACKET: 1/0 packet of this request 
OUTPUT PARAMETERS: 
ARG6: address in which to store audit enable flags 
bit 0 = enable audit 
bit 1 = enable alarm 


IMPLICIT OUTPUTS: 
NONE 

ROUTINE VALUE: 
NONE 


SIDE EFFECTS: 
NONE 


BEGIN 
MAP 
FCB : REF BBLOCK, ! FCB arg 
AUDIT_FLAGS : REF BITVECTOR; ! audit and alarm flags 
LINKAGE 
L_CHKPRO_INT = JSB (REGISTER = Q. REGISTER = 1 
REGISTER = 2. REGISTER = 35; 
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; 371 135 LABEL 
$ f ! 6 CHECK_BLOCK; ! body of a single check attempt 

3; 374 1 6 LOCAL 

; i 136 STATUS ' Local routine exit status 

s 37 1364 FILE ACCESS_BITS: BBLOCK C1], ! Actual access mask to file 

. ar 1365 PROTECTION, ' Protection code of file 

3; ST 1 $ ER_UIC i he owner UIC 

: 37 136 SEG_NOMBER i Seqnent number of file header 

; 0 1 os AUDTT_BUFFER, i it name string buffer 

3 1 1 ALARM BUFFER, i Ate arm . me stri ing buffer 

; 5 1370 CHPCTC : BBLOCK CCHPCTL$C_LENGTH HKPRO control block 
; 1371 CHPRET : ae CHPRETSC LENGTH i CHKPRO return arg block 
; 384 1 ORB : BLOCK ' Obje He s “eights block 

; 385 1373 LOCAL_ORB : BELOCK CORGSC LENGTH | Used for BADACL checks | 
3 8 1375 BIND ' Access mode tables 

; 388 1 $ i Write operation on volume 
; 389 137 WRITE_OP PLIT | 
3 zy 1303 ARMSH TORITE OR ARMSM_DELETE OR ARMSM_CONTROL), 

; 39 isa ! mo READALL privilege for operation 

3 9 1381 NOREADALL PLIT 

: Be 1306 ARMSH TURITE OR ARMSM_DELETE), 

; 396 1382 ! Check for zero file segment number 

3 97 tH EXT_HEADER = UPLIT BYTE (¢ 

; 398 1386 %8°1100111° 

; 99 1387 ) : BITVECTOR, 

; 400 1388 

: 401 1389 ! Volume access bits 

; 40 1390 VOL_ACCESS = UPLIT BYTE ( 

; 40 1391 ARM MSM_READ, 

: 404 1336 ARMSM_READ OR ARMSM_WRITE 

; 405 139 ARMSM_READ OR ARMSM_DELET 

; 406 1394 ARMSM_ READ OR ARMSM_WRITE OR ARMSM_EXECUTE, 

: 407 1395 ARMSM_READ, 

; 408 1338 ARMSM_ READ OR ARMSM_WRITE, 

; 409 1397 ARASH 

: 410 1398 : VECTOR C,BYTE]; 

3 411 1399 
: aig 1400 
; 41 1401 EXTERNAL 
; hy 1296 EXESGL_DYNAMIC_FLAGS : BITVECTOR ADDRESSING_MODE (ABSOLUTE); 
F} 218 1404 EXTERNAL LITERAL 
> 41 1405 EXESV_CLASS_PROT; 

: 418 1008 

3: 4419 140 BIND_COMMON; 

: 420 1408 

3: 421 1409 EXTERNAL ROUTINE 
; 4 § 1410 EXESCHKPRO_INT =: L_CHKPRO_INT ADDRESSING -MODE (GENERAL); 
3 ? 7 ei) ' General” purpose protection checker 

3 ? 5 1418 ! Initialize storage. 

: 6 $ 1415 MATCHING_ACECACESB_SIZE) = 0; ! Only the size needs initializing 
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: «6 141 

3; 6 1219 AUDIT_BUFFER = 8: 

3; 6 1213 ALARM_BUFFER = 0; 

; ? 1 10) PRIVS_USED = 0; 

; 2 g 1° ? ! Items to return | 

: 435 14 ‘ CHPRET CHPRETSW_MATCHED_ACELEN] = ATRSS_READACE; 

; 4 1426 CHPRETLCHPRETSL_MATCHED_ACEJ = RATENING ACE: 

3 «6 1425 CHPRETLECHPRETSL _MATCHED AtEnety = 0; 

3; 4 14 § CHPRETLCHPRE TSW_ LER) = 4; 

: 4 14 CHPRET pRer LIAUDIT) = AuD} t BUFFER: 

; 4460 14 § CHPRETLCHPRETSL_ at = Q; 

3: 441 14 CHPRETLCHPRETSW_ALARMLEN] = 4; 

3 46 1430 @ CHPRETCCHPRETSL_ALARM) = ALARM_BUFFER; 

3; 446 1431 CHPRE TUE CHPRETSL_ALARMRE = 0; 

3 t¢8 1 § CHPRETLCHPRETSL_PRIVS_USED] = PRIVS_USED; 

: rr 1434 ! Derive the composite file access mask from the access type and 

; 44 1435 ' the alternate access mask. 

He 

: $29 1 8 FILE_ACCESS_BITS = .FILE_ACCESSC.ACCESS] OR .ALT_ACCESS; 

: $26 1440 ! We try the whole operation twice: once with the added alternate access 

; 45 1441 ! mask, and if that fails, once without. 

eee 

HS gummy 

: 438 1446 4 CHECK_BLOCK: BEGIN ! scope of one try 

: 460 1448 4 ! If the requested operation is a write operation, check to make 

$ ret 1088 2 ! sure that the volume is not software write locked. 

; rh 1451 4 IF (.WRITE OP AND .FILE_ACCESS_ BITS) we 0 

; 464 1636 4 AND .BBLOCR CCURRENT_UCBCUCBSL_DEVCHAR], DEVS$V_SWLJ 

: rhe age : = I 

3 467 1455 STATUS = S$S$_WRITLCK; 

3; 468 1456 LEAVE CHECK_BLOCK; 

Eg baee £ kes | 

: 471 1459 4 ! Get the address of the Object's Rights Block (ORB). | 

: 47s 1461 4 ORB = .CURRENT_UCBCUCBSL_ORB); 

: 675 1268 4 ! Now check the volume protection to make sure that the requested operation 

$ $76 1098 ? ! is allowed. If the attempted access is denied, return with the error. 

: 478 1466 4 CHPCTLCCHPCTLSL_ACCESS) = .VOL ACCESSC ACCESS]; 

3; 479 1467 4 IF .FILE_ACCESS_BITSCARMSV_WRITE 

: 4 1668 4 OR .FIL ght Pile ARMS$V_ CONTROL) 

; 481 146 4 THEN BBLOCK CCHPCTL pwecrus ACCESS], ARM$V_WRITE] = 1; 

; re {3 1470 4 IF .FILE ‘twat aM ARMSV_DELETE 

3 4 1471 4 THEN BBLOCK CCHPCTL GHPCTLEL ACCESS. ARM$SV_DELETE) = 1; 

3; 4484 1472 4 CHPCTLCCHPCTLS$B_MODE) = 0; 


eef 
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685 3 CHPCTLCCHPCTLSL_FLAGS] = CHPSM_READ: 
4 4 IF (.WRITE_OP AND .FILE ACCESS Bits) NEQ 0 
4 5 THEN BBLOCR CCHPCTLCCHPCTLSL_FCAGSJ, CHPSV_WRITE) = 1; 
4 $ IF (-NOREADALL AND , FILE ACCESS BITS) Ear O 
4 THEN BBLOCK CCHPCTLECHPCTLSL_FLAGSJ, CHPSV_USEREADALL) = 1; 
49 § STATUS = EXESCHKPRO_INT (LOCAL_ARB, .ORB, CHPCTL, 0); | 
138 IF NOT .STATUS 
493 THEN LEAVE CHECK_BLOCK; 
495 ' If there is no FCB specified, it is a volume access 
£38 : ! check. In which case, control may be returned now. 
438 § If .FCB EQL 0 
THEN LEAVE CHECK_BLOCK; 
of $ 


Get the protection, qyners and segment number for the desired header. 
° 


! Also, get the classification information if doing classification checks. 
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| 
IF .FCBLFCBSV_BADACLI | 
THEN | 
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; 

; 

iF 

306 4 BEGIN 

0 5 CHSMOVE (ORBSC_LENGTH, FCBCFCBSR_ORBJ, LOCAL_ORB); 

He LOCAL_ORBCORBSV_ACL ayeut = 0; 

09 LOCAL-ORBCORBSL-ACLFLJ = LOCAL_ORBCORBSL_ACLBL] = 0; 

311 oe = LOCAL_ORB; 

\¢ ELSE ORB = FCBCFCBSR_ ORB); 

Bt 1 SEG_NUMBER = .FCBCFCB$W_SEGN); | 

| 

15 g ! Next, if the operation is on an extension header, make sure that only the 

218 ! system is allowed access for most operations. 

318 If .EXT_HEADERC.ACCESS) 

519 THEN 

520 BEGIN 

521 SO a ee GTR 0 AND NOT .CLEANUP_FLAGSCCLF_SYSPRVJ 

; : BEGIN 

& STATUS = SS$_NOPRIV; 

525 LEAVE CHECK_BLOCK; 

: $ END; 
END; | 

2 3 : + nan the access requested to determine if access is to be granted or 

! denied. 
$31 


CHPCTLECHPCTLSL_ACCESS] = .FILE_ACCESS_BITS; 
CHPCTLCCHPCTLS$B_~MODE) = .ACMODE; 


STATUS = EXESCHKPRO_INT (LOCAL_ARB, .ORB, CHPCTL, CHPRET); 
Certain operations may be permitted ey sere than one access type. 


Read implies execute, and control implies read attributes. The 
protection check needs to be retried in these cases. 


REGS 


SELF 


me kk a a a a a a at an an a a a a at ts 9 as as — 9 — 9 4 2s 4) 8 2 YY YY 


Heal tal AL AL AL AL AL AD Ah AL Ah Ab Ah Ah Ah Ab ah ab cb ab db db ab Ab Ab Ab Ab Ab Al tek tet te ek el el el el el el tel el tel tet del ee lee ee de ee ed 
yy oy oY oy ot ot ot ot ot ot et et eh hh a i hh A ah a ih i Del 


PROPORUIPIPORIPNNUDY —* OO Ot OO 


PUPPAAAINIY 


ee 
-o 


H 10 

CHKPRO Jo-Sep-1984 00:01:14 — VAX>11 BLiss=32 V4.0-742 Page 13. cLe 
v04- 14-Sep-1984 0:11 DISKSVMSMASTER:CF11X.SRCICHKPRO.B32;1 (3) | 

; 54 1530 4 IF NOT .STATUS ‘ 
a. 1531 4 THEN ; 
D4 44 1 § BEGIN } . 
; 545 1 IF .ACCESS EQL EXEC_ACCESS : 
; re 1534 THEN ‘ 
; 54 1535 6 EGIN | : 
; 548 1 § 6 BBLOCK Sea Tene TL st ACCESS » ARMSV_EXECUTE] = 0; ‘ 
; 549 1 6 BBLOCK CCHPCTLLCHPCTLSL_ACCESSJ, ARMSV_READJ = 1; : 
; 350 1 8 6 AUDIT BUFFER = 0; : 
B 2a) 1539 6 ALARM_BUFFER = 0; : 
; 26 1540 6 PRIVS_ USED = 0; ‘ 
3 227 134, 6 piers = EXESCHKPRO_INT (LOCAL_ARB, .ORB, CHPCTL, CHPRET); | : 
: 555 1828 § ELSE IF .ACCESS EQL RDATT_ACCESS | ; 
; 356 1544 5 THEN | ; 
3 397 1545 6 BEGIN : 
; 558 1266 6 BBLOCK Seer CHC TL SL ACCESS » ARMSV_READ] = 0; ‘ 
3 Dey 1547 6 BBLOCK CCHPCTLCCHPCTLSL_ACCESS], ARMSV_CONTROL) = 1; ‘ 
; 560 1368 6 AUDIT_BUFFER = 0; ‘ 
; 561 1549 6 ALARM_BUFFER = 0; : 
; 206 1550 6 PRIVS_USED = 0; ° 
3; 36 1551 6 TATUS = EXESCHKPRO_INT (LOCAL_ARB, .ORB, CHPCTL, CHPRET); ‘ 
; G4 1336 5 ND; ‘ 
; 365 15535 4 END; ° 
; 566 1554 4 : 
; 567 1555 4 ! If we just tried a protection check with alternate access and it ‘ 
:; 568 1556 4 ! failed, retry it with just the normal access. Otherwise, we are : 
: 569 1557 4 ! done. : 
; 570 1558 4! ; 
3 Det 1559 4 : 
; 27¢ 1560 END; ! end of block CHECK_BLOCK : 
; or 1561 ; 
: 574 1306 IF .STATUS : 
; 575 156 OR .REQUIRED ‘ 
; 576 1564 OR .FILE_ACCESS_BITS EQL .FILE_ACCESSC.ACCESS) ; 
3 as 1392 THEN EXITLOOP; e 
; 579 1567 FILE_ACCESS_BITS = .FILE_ACCESSC.ACCESS); ‘ 
; 3e0 1308 END; ! end of retry loop : 
; 58 1396 ! Return audit and alarm status. : 
; 38 1571 : ‘ 
; 584 137 | : 
; 585 157 -AUDIT_ FLAGS = 0; | : 
; 236 1574 IF AUDIT BUFFER NEQ 0 : 
:; 387 1575 THEN AUDIT FLAGSCO) = 1; : 
; oe 1376 IF .ALARM_BUFFER we 0 : 
3 282 13 THEN AUDIT_FLAGS(1) = 1; : 
; 351 1399 ! Check if the alternate access check failed. If so, return alternate | : 
; 236 1 0 ! success status. : 
; 59 1581 : : 
: 94 15 ¢ ‘ 
3; 595 15 IF .STATUS ‘ 
3 1584 AND .ALT ACCESS NEQ 0 : 
; 29 1585 AND .FILE ACCESS BITS EQL .FILE_ACCESSC.ACCESS) : 
; 598 1586 THEN STATOS = SSS_NOTALLPRIV; : 
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' loca pervert ege mask under various circumstances fe.9-- volume ownership), 


1 
! 
but on 


RETURN .STATUS 


1 END; 
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! End of 
00102 -BLKB 
00104 P.AAB: .LONG 
00108 P.AAC: .LONG 
Q010C P.AAD: .BYTE 
00100 P.AAE: .BYTE 
WRITE _OP= 
NOREABALi= 
EXT_HEADER= 
VOL_ACCESS= 
EXT 
~EXTRN 
EXT 
00000 CHECK_PROT: 
WOR 
000 MOVAB 
000 VAB 
000 MO 
0001 CLRB 
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0 

O13 

0 

0 

027 CLRL 

A MOVW 
CLRL 
; VW 

f CLRL 

; 

0 
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EXESGL PYNARIC FLAGS 
EXES$V_CLASS_PROT 
EXESCAK ERO SINT 
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: PSECT SUMMARY 
; Name Bytes Attributes 
: SCODES 736 NOVEC,NOWRT, RD, EXE,NOSHR, LCL, REL, CON,NOPIC,ALIGN(2) 


Library Statistics 


sae eanene SVARSLE Sawences Pages Processing 
File Total Loaded Percent Mapped Time 
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; ~-$255$DUA28: CSYSLIBILIB.L32;1 18619 74 0 1000 00:02.0 
: COMMAND QUALIFIERS 
: BLISS/CHECK=(FIELD, INITIAL,OPTIMIZE)/LIS=LIS$:CHKPRO/OBJ=OBJ$:CHKPRO MSRC$: CHKPRO/UPDATE=(ENHS$: CHKPRO) 


; Size: 711 code + 25 data bytes 
00:35.7 


; Elapsed Time: 01:04.7 
: Lines/CPU Min: 2704 

3 poneneel SS ore) 46579 

; Ss 297 pages 
: — etion Complete 
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